13 Free InfoSec Training Resources For IT Pros

There are all kinds of free training resources available for information security professionals. They typically come in two flavors: those designed to help prepare you for a security certification and those designed to fill in security knowledge gaps. While some courses require you to sign up, others start with just one click, so you can browse and decide quickly if they're right for you.

Longtime IT and cybersecurity trainers Ralph P. Sita, Jr. and Ryan J. Corey launched Cybrary in January 2015. The Cybrary course catalog is impressive: it contains more than 100 courses spread across systems administration, network administration, cloud computing and cybersecurity. The bulk of the courses are geared toward some IT certification, such as the Certified Ethical Hacker (CEH), (ISC)² CISSP and Microsoft Certified Solutions Associate (MCSA), while other courses focus on skills, like using the Metasploit Framework, Python for security professionals, plus malware analysis and reverse engineering.

All courses are delivered online, and include lectures, interactive lab demonstrations and study guides. Cybrary now offers exam vouchers for CompTIA and other popular cyber security certifications as well.

IASE also offers CyberProtect, a DoD game-like simulator that puts you in charge of security for an entire IT infrastructure. You choose security tools and deploy them on the simulated network, and then make decisions about mitigating risks, threats and vulnerabilities. It's fun and educational. Its Cyber Awareness Challenge has recently been updated for 2018, but still requires Adobe Flash support to run.

The InfoSec Institute offers a multi-module video-based course on CISSP cryptography, typically the most challenging part of the CISSP exam for most candidates, as well as a free, downloadable CISSP study guide. The latest version of their document The CISSP Domains bears the subtitle 2015 Update, and is entirely in sync with the current structure and contents of the CISSP Common Body of Knowledge. InfoSec Institute site visitors can also take progressive, custom and simulated CISSP practice exams through Skillset.

The National Institutes of Health offers mini training courses on information security, privacy and security awareness. All courses take less than 1 hour to complete. Here's the course list available, as of this writing:

If you're interested in learning how to use the Metasploit Framework and Metasploit Pro for penetration testing, check out Offensive Security's Metasploit Unleashed course, put together in part by the authors of "Metasploit: The Penetration Tester's Guide" (No Starch Press, 2011). Although the course is free to all, Offensive Security asks that satisfied course takers make a small donation to Hackers for Charity.

The folks at the highly regarded SANS Institute offer information security courses and tutorials through SANS Cyber Aces Online. Geared toward high school and college students, instructors, military vets and pretty much anyone looking for a job in the information security industry, the courses are designed to help people gain essential security knowledge. Three modules are available, each of which consists of several video-based modules (with or without quizzes):

Introduction to Operating Systems

Networking

System Administration

SANS states that the courses "are the same as those offered to information security professionals around the world," which we assume means via SANS training events.

FEMA's National Training and Education Division includes several free self-study courses on cybersecurity for non-technical workers and IT professionals. These free courses cover digital forensics, cyber law and cyber ethics, information risk management, and more. The only downside is that you must apply for each training course you want to take, and the process might vary slightly by state. As of this writing, the catalog includes 25 courses under the heading of "Cyber Security" on topics that include cyber-terrorism and response, critical infrastructure security and protection, web-based security and risk management, and more. The catalog is oriented toward disasters and service interruptions, as you'd expect from the Federal Emergency Management Agency.

The International Information Systems Security Certification Consortium is usually denoted (ISC)² and pronounced "eye-ess-cee squared." This is the certification sponsor for the CISSP and numerous other high-value information security credentials. (ISC)² also offers a variety of training materials related to safe and secure computing, including courses for parents and guardians, children, seniors and more. Created in concert with the Center for Cyber Safety and Education, these materials are useful for end users or for anyone trying to get a handle on basic information security concepts, tools and best practices.

Heimdal Security is a vendor that offers information security tools and systems, with a focus on the financial services industry and data protection and privacy. (Heimdal was the Norse deity responsible for monitoring security of the Bifrost bridge that links Asgard to the Earth.) The company has put together a nice compendium of cyber security courses online. You can click directly into categories for free security training for beginners and advanced professionals to narrow your search immensely.

Cal Poly Information Security: Security Training Materials

California Polytechnic State University has compiled a nice collection of links to posters, videos, quizzes and professional development opportunities for students, faculty and staff. You'll find information about password protection, home computer security, identity theft, phishing and spyware, and more, with quizzes to back up those materials (and to help you make sure you understand what you've learned).

These materials include a training video, plus a follow-up examination and answer key, designed to help companies and other organizations teach their employees about basic information security principles and best practices. It's an interesting way to see what passes for security awareness and consciousness training nowadays, and is meant to give companies a leg up in training their workers to practice safe computing and resist social engineering and other forms of attack.

OWASP stands for Open Web Application Security Project, and represents a broad industry group of IT and development professionals interested in promoting the development and secure use of web-based applications and services. This collection covers topics of great interest to developers who build and test such things, and administrators who must install, secure and maintain them. The materials list includes more than a dozen course units on the general subject of Application Security, and is well worth auditing for developers and for practicing and aspiring security professionals as well.

MOOC is an acronym for Massively Open Online Courses, free online university-level courses that are gaining huge popularity and attendance among interested parties and IT professionals around the world. This compilation includes more than 20 MOOCs from institutions such as MIT, The Open University, the University of Maryland, Excelsior College and many more. For those seeking serious, college-level exposure to and coverage of the topic, this is probably the best single resource in this story. For much more of this kind of thing, visit MOOCse.com (the MOOC search engine) and search on some or all of "cyber security," "information security" or cyber security certification names.

Ed Tittel

Ed is a 30-year-plus veteran of the computing industry, who has worked as a programmer, a technical manager, a classroom instructor, a network consultant and a technical evangelist for companies that include Burroughs, Schlumberger, Novell, IBM/Tivoli and NetQoS. He has written and blogged for numerous publications, including Tom's Hardware, and is the author of over 140 computing books with a special emphasis on information security, Web markup languages and development tools, and Windows operating systems.